I am working on an application that requires TLS v1.3 and MQTT v5.0, and I have to build mosquitto MQTT brokers and subscribers on Debian systems on different physical hosts as part of my work.

From the mosquitto GitHub repository, I managed to build the mosquitto libraries (v1.6.7) and binary tools (its README.md says that TLS is enabled at build time by default):

make WITH_DOCS=no
make install  WITH_DOCS=no

I also set up CA certificates and server certificates (for the MQTT broker) and modified mosquitto.conf (learned from here). When I tried to publish a message to my MQTT brokers, I got the following error:

mosquitto_pub -d --tls-version  tlsv1.3   --cafile  ./ca.crt  -i rpi3peer -V mqttv5  -h 123.45.6.78  -p 8883  -u MY_BROKER_NAME  -P BROKER_PASSWD  -t "topic/placed/here"  -m "put some messsage"

> Error: Protocol tlsv1.3 not supported

On the MQTT broker, a new connection was just established at the TCP level and then immediately closed. I also captured a few packets between the broker and client using Wireshark, but there was no TLS v1.3 packet there.

How could I deal with this issue?

Ham

1 Answer

Answering my own question: after reading through net_mosq.c from this commit of the mosquitto repository, it turns out that one more parameter has to be included at build time: SSL_OP_NO_TLSv1_3. The build command will be:

make WITH_DOCS=no  CPPFLAGS="-DSSL_OP_NO_TLSv1_3"

sudo make install  WITH_DOCS=no

Then start the mosquitto MQTT broker and publisher again with the same commands, mosquitto and mosquitto_pub (details in my post above); now it works well.

Ham
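
The answer ties TLS 1.3 in the mosquitto build to the SSL_OP_NO_TLSv1_3 macro, which OpenSSL's own ssl.h defines from the 1.1.1 series onward. As an added example (not from the original post or the mosquitto project), this script checks the build host's OpenSSL headers and CLI version before building; the default header path and the OPENSSL_HEADER override variable are assumptions.

```shell
#!/bin/sh
# Added example: preflight for a TLS 1.3 mosquitto build.
# Assumption: headers are at /usr/include/openssl/ssl.h (Debian libssl-dev);
# override with OPENSSL_HEADER=/path/to/ssl.h (hypothetical variable name).

# Succeeds if the given header file defines the SSL_OP_NO_TLSv1_3 macro.
header_has_tls13_macro() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+SSL_OP_NO_TLSv1_3([[:space:]]|$)' "$1" 2>/dev/null
}

# Succeeds if an `openssl version` line names OpenSSL 1.1.1 or newer, the
# first release series with TLS 1.3. LibreSSL or unparsable input fails.
version_has_tls13() {
    case "$1" in
        "OpenSSL "[0-9]*.[0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    ver=${1#OpenSSL }; ver=${ver%% *}
    major=${ver%%.*};  rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}            # "1d" -> "1", "0l" -> "0"
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] || return 1
    [ "$minor" -gt 1 ] && return 0
    [ "$minor" -eq 1 ] && [ "$patch" -ge 1 ]
}

# Report both checks for this host; only prints, never aborts.
preflight() {
    hdr=${OPENSSL_HEADER:-/usr/include/openssl/ssl.h}
    line=$(openssl version 2>/dev/null || true)
    if header_has_tls13_macro "$hdr"; then
        echo "headers: $hdr defines SSL_OP_NO_TLSv1_3"
    else
        echo "headers: SSL_OP_NO_TLSv1_3 not found in $hdr"
    fi
    if version_has_tls13 "$line"; then
        echo "library: $line (TLS 1.3 capable)"
    else
        echo "library: '${line:-openssl not found}' is older than 1.1.1 or not OpenSSL"
    fi
}

preflight
```

The `openssl version` output describes the command-line tool, so when several OpenSSL installations exist, confirm with `ldd` which libssl the mosquitto binaries actually load.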